Winamp Module Decoder Plug-in Multiple Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with Winamp and is prone to multiple Buffer Overflow vulnerabilities.

Impact

Attacker may leverage this issue by executing arbitrary codes in the context of the affected application and can cause denial of service. Impact Level: System/Application

Solution

Upgrade to the version 5.57, http://www.winamp.com/player

Insight

Multiple flaws are due to: - Boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing instrument definitions, samples or Ultratracker files. - An integer overflow error in the Module Decoder Plug-in when parsing crafted Oktalyzer PNG or JPEG Files.

Affected

Winamp version prior to 5.57 on Windows.

References

http://forums.winamp.com/showthread.php?threadid=315355
http://secunia.com/advisories/37495
http://secunia.com/secunia_research/2009-56
http://www.securityfocus.com/archive/1/archive/1/508528/100/0/threaded
http://www.vupen.com/english/advisories/2009/3575
http://www.vupen.com/english/advisories/2009/3576

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3995, CVE-2009-3996, CVE-2009-3997, CVE-2009-4356
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
avast! 'aswRdr.sys' Buffer Overflow Vulnerability
Adobe Air Buffer Overflow Vulnerability (Windows)
Adobe PageMaker Font Structure Multiple BOF Vulnerabilities
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

Take action and discover your vulnerabilities